Your data is yours. We take that seriously.
Ticket0 is built on a foundation of minimal data collection, strong access controls, and clear boundaries around how your support emails are processed.
Our core commitments
These are the principles that govern every product and engineering decision we make.
You own your data
Every email, draft, and conversation processed through Ticket0 belongs to you. We act as a processor — never a data owner. You can export or delete your data at any time.
Minimal collection
We only store what's necessary to run the product. We don't sell data, we don't use your support emails to train AI models for other customers, and we don't build behavioral profiles.
Transparent AI processing
When Ticket0 sends an email to an AI model to generate a draft, we use commercially contracted APIs with strict data processing agreements. Your content is not used for third-party model training.
Human-in-the-loop
No email is ever sent on your behalf without a human operator reviewing and approving it. AI is a tool in your team's hands — not an autonomous agent.
How we handle your data
Specific practices across encryption, retention, and access.
Encryption
In transit
All data transferred between your browser, our servers, and any connected email services uses TLS 1.2 or higher.
At rest
Email content, drafts, and knowledge base documents are encrypted at rest using AES-256.
Retention
Email threads
Retained for the duration of your subscription plus 30 days after cancellation. You can delete individual threads or all data at any time.
Usage logs
Server logs are retained for 90 days for security and debugging purposes, then automatically purged.
Access controls
Role-based access
Team members only see inboxes and data they're assigned to. Admins control permissions per-inbox.
Ticket0 staff access
Our team accesses customer data only to resolve support issues, with consent, and all such access is logged and auditable.
Operational security
Infrastructure, authentication, and compliance details.
Infrastructure
Ticket0 runs on SOC 2-certified cloud infrastructure. Data is processed in the US (default) with optional EU data residency available on Scale plans.
Authentication
Secure email/password authentication with bcrypt password hashing. SSO via Google and Microsoft available on Growth and Scale plans.
Uptime & reliability
We target 99.9% uptime. Incidents are disclosed via our status page. You'll never miss an inbound email — we queue and retry delivery during any downtime.
Compliance
Ticket0 operates as a data processor under GDPR and CCPA. We provide Data Processing Agreements (DPAs) to all customers on request.
Questions or concerns?
If you have a security question, need a DPA, or want to report a vulnerability, reach out at security@ticket0.com. We take all reports seriously and respond within 24 hours.
Built to be trusted with what matters.
Ticket0 handles your customers' support emails. We take that responsibility seriously.